Difference: CricInfoSystem (1 vs. 5)

Revision 52019-09-18 - StephanLammel

Line: 1 to 1
 
META TOPICPARENT name="FacilitiesServicesDocumentation"
Line: 17 to 17
 

List of Users in CRIC

CRIC uses a crontab job to query the users in CERN's LDAP and all users of the CERN e-groups that are defined in the CRIC instance. The crontab runs three times per day at 2:10, 10:30, and 11:30 CERN time. Users are handled inside CRIC by accounts that are email addresses. A person can have multiple accounts (with different emails) and there is no association between them. CRIC user accounts have an associated SSO account that is synchronized with the CERN human-resource database and e-groups. CRIC accounts are updated (certificates updated, e-group membership added/removed) when a user logs into CRIC.
Changed:
<
<
The CRIC SSO "CMS_USERS" group is mapped to the CERN "cms-zh" e-group. The SSO group will update automatically, i.e. accounts added/removed based on cms-zh e-group membership. Additional accounts can be added statically to the CRIC "CMS_USERS" group that is the group actuallt used for authorization and includes the CRIC SSO "CMS_USERS" group.
>
>
The CRIC SSO "CMS_USERS" group is mapped to the CERN "cms-zh" e-group. The SSO group will update automatically, i.e. accounts added/removed based on cms-zh e-group membership. Additional accounts can be added statically to the CRIC "CMS_USERS" group that is the group actually used for authorization and includes the CRIC SSO "CMS_USERS" group.
 

Crontab jobs

CRIC uses crontab jobs to fetch various data from primary sources. A list of all the crontabs of the CMS instance with last run time, status, and brief description can be found here.

Revision 42019-09-10 - StephanLammel

Line: 1 to 1
 
META TOPICPARENT name="FacilitiesServicesDocumentation"
Line: 9 to 9
 CRIC is based on/a modernization of the Atlas AGIS information system. It is oriented around grid resources. For CMS site, facility, computing, storage, and group information additional data structures were developed. The history of the project makes these CMS-specific data structures a bit more complex with many unused fields but allows sharing of the core data structures with other WLCG-supported experiments.

Current Implementation State

Changed:
<
<
As of autumn 2019 user, group, facilities, and sites are implemented, APIs mostly complete/validated, and in production use.
>
>
As of autumn 2019 user, group, facilities, and sites are implemented, APIs mostly complete/validated, and the CMS instance in production use.
 
Changed:
<
<

List of Users in CRIC

>
>

Documentation

Documentation of the CMS CRIC instance is located here.

List of Users in CRIC

 CRIC uses a crontab job to query the users in CERN's LDAP and all users of the CERN e-groups that are defined in the CRIC instance. The crontab runs three times per day at 2:10, 10:30, and 11:30 CERN time. Users are handled inside CRIC by accounts that are email addresses. A person can have multiple accounts (with different emails) and there is no association between them. CRIC user accounts have an associated SSO account that is synchronized with the CERN human-resource database and e-groups. CRIC accounts are updated (certificates updated, e-group membership added/removed) when a user logs into CRIC.

The CRIC SSO "CMS_USERS" group is mapped to the CERN "cms-zh" e-group. The SSO group will update automatically, i.e. accounts added/removed based on cms-zh e-group membership. Additional accounts can be added statically to the CRIC "CMS_USERS" group that is the group actuallt used for authorization and includes the CRIC SSO "CMS_USERS" group.

Added:
>
>

Crontab jobs

CRIC uses crontab jobs to fetch various data from primary sources. A list of all the crontabs of the CMS instance with last run time, status, and brief description can be found here.
 

New Site Setup (for the Site Support team)

Setup of a new CMS site consists of three steps: 1) setting up the facility/site e-groups, 2) setting up the CRIC facility, and 3) setting up the CRIC site. Members of the CMS SIte Support e-group have the required permissions to do this (and detailed instructions). Site executives or admins do not currently have to interact with CRIC if the "Data Manager" and "PhEDEx Contact" lists were provided in the initial ticket. (CRIC has a permission issue and site executives cannot change the two lists directly, please email the site support team in case a change is required.) \ No newline at end of file

Revision 32019-09-06 - StephanLammel

Line: 1 to 1
 
META TOPICPARENT name="FacilitiesServicesDocumentation"
Line: 16 to 16
  The CRIC SSO "CMS_USERS" group is mapped to the CERN "cms-zh" e-group. The SSO group will update automatically, i.e. accounts added/removed based on cms-zh e-group membership. Additional accounts can be added statically to the CRIC "CMS_USERS" group that is the group actuallt used for authorization and includes the CRIC SSO "CMS_USERS" group.
Added:
>
>

New Site Setup (for the Site Support team)

Setup of a new CMS site consists of three steps: 1) setting up the facility/site e-groups, 2) setting up the CRIC facility, and 3) setting up the CRIC site. Members of the CMS SIte Support e-group have the required permissions to do this (and detailed instructions). Site executives or admins do not currently have to interact with CRIC if the "Data Manager" and "PhEDEx Contact" lists were provided in the initial ticket. (CRIC has a permission issue and site executives cannot change the two lists directly, please email the site support team in case a change is required.)
  \ No newline at end of file

Revision 22019-09-02 - StephanLammel

Line: 1 to 1
 
META TOPICPARENT name="FacilitiesServicesDocumentation"
Line: 12 to 12
 As of autumn 2019 user, group, facilities, and sites are implemented, APIs mostly complete/validated, and in production use.

List of Users in CRIC

Changed:
<
<
CRIC uses a crontab job to query the users of all the CERN e-groups that are defined in the CRIC instance. Users are handled inside CRIC by accounts that are email addresses. A person can have multiple accounts (with different emails) and there is no association between them.
>
>
CRIC uses a crontab job to query the users in CERN's LDAP and all users of the CERN e-groups that are defined in the CRIC instance. The crontab runs three times per day at 2:10, 10:30, and 11:30 CERN time. Users are handled inside CRIC by accounts that are email addresses. A person can have multiple accounts (with different emails) and there is no association between them. CRIC user accounts have an associated SSO account that is synchronized with the CERN human-resource database and e-groups. CRIC accounts are updated (certificates updated, e-group membership added/removed) when a user logs into CRIC.
 
Changed:
<
<
The CRIC "CMS_USERS" group is mapped to the CERN "cms-zh" e-group.
>
>
The CRIC SSO "CMS_USERS" group is mapped to the CERN "cms-zh" e-group. The SSO group will update automatically, i.e. accounts added/removed based on cms-zh e-group membership. Additional accounts can be added statically to the CRIC "CMS_USERS" group that is the group actuallt used for authorization and includes the CRIC SSO "CMS_USERS" group.
 

Revision 12019-08-30 - StephanLammel

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FacilitiesServicesDocumentation"

Computing Resource Information Catalogue

In 2016 WLCG, the Worldwide LHC Computing Grid, collaboration launched a project to build a new information system to replace the aging WLCG and experiment information systems. At the time CMS had computing information in various systems, databases, code repositories with revision control, and configuration files in various formats. SiteDB was the main grid computing and user authorization information system. SITECONF was holding PhEDEx and local site configuration information. SSB, Site Status Board, metrics were used for various slow but rebularly changing information.

CRIC is based on/a modernization of the Atlas AGIS information system. It is oriented around grid resources. For CMS site, facility, computing, storage, and group information additional data structures were developed. The history of the project makes these CMS-specific data structures a bit more complex with many unused fields but allows sharing of the core data structures with other WLCG-supported experiments.

Current Implementation State

As of autumn 2019 user, group, facilities, and sites are implemented, APIs mostly complete/validated, and in production use.

List of Users in CRIC

CRIC uses a crontab job to query the users of all the CERN e-groups that are defined in the CRIC instance. Users are handled inside CRIC by accounts that are email addresses. A person can have multiple accounts (with different emails) and there is no association between them.

The CRIC "CMS_USERS" group is mapped to the CERN "cms-zh" e-group.

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback